10/17/2008

Mobile Device Manager Gateway Server provides a network access point for managed Windows Mobile devices. MDM Gateway Server provides a security-enhanced IPsec tunnel between a managed device and the gateway. It enables Secure Sockets Layer (SSL) and TCP/UDP sessions to be maintained between the client application on the Windows Mobile device and internal application servers. MDM Gateway Server is not a member of the company domain, nor does it share network accounts or passwords.

MDM Gateway Server has the following characteristics:

The following describes the key MDM Gateway Server components:

Note: MDM does not report start and stop events for its services in the system log. For more information, see the knowledge base article at http://go.microsoft.com/fwlink/?LinkId=119645.

To work around this issue, perform the following steps:

  1. On the Start menu, choose Run, and then in the Open box, type Control Panel.

  2. Select OK.

  3. Double-click Scheduled Tasks.

  4. From the menu bar, choose Advanced, and then select AT Service Account.

  5. In the AT Service Account Configuration dialog box, choose System Account, and then choose OK.

  6. On the Start menu, choose Run. In the Open box, type cmd, and then choose OK.

  7. At the command prompt, type the following command:

    AT 12:00/i mofcomp %windir%\system32\wbem\scm.mof 
    
    This step recompiles the Scm.mof file.

  8. Close the command prompt window, and then restart the computer.

Network Address Translation

Do not use network address translation (NAT) for the public IP address of MDM Gateway Server because doing so essentially masks the identity of MDM Gateway Server, thereby disrupting MDM functionality.

When you issue a device management command, such as a Wipe request, MDM Device Management Server instructs MDM Gateway Server to send a specially formatted data packet to the device, instructing the device to request a policy refresh immediately.

The MDM Alerter agent running on the device compares the IP address of the MDM Gateway Server that it connects to with the IP address of the MDM Gateway Server that sent the data packet. If these addresses do not match, the device ignores the packet and does not connect to MDM Device Management Server until the regularly scheduled refresh interval.
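
A check an administrator can run against the NAT requirement above, added here as an example (it is not part of the original documentation or of MDM): it compares the addresses the gateway's external name resolves to with the addresses bound on the server's own interfaces. The function names, verdict labels and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges; an address in these cannot be the gateway's public IP.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def assess_gateway_addressing(published, bound):
    """Classify each published gateway address (hypothetical helper).

    published: addresses the gateway's external name resolves to,
               that is, what managed devices connect to
    bound:     addresses configured on the gateway server's interfaces
    Returns a list of (address, verdict) tuples.
    """
    bound_set = {ipaddress.ip_address(a) for a in bound}
    results = []
    for addr in published:
        if is_rfc1918(addr):
            verdict = "private"      # not a public address at all
        elif ipaddress.ip_address(addr) in bound_set:
            verdict = "direct"       # public IP sits on the server: no NAT
        else:
            verdict = "translated"   # NAT or another device owns this IP
        results.append((addr, verdict))
    return results


def collect_live(external_name):
    """Best-effort collection of both inputs on the gateway itself (IPv4)."""
    def lookup(name):
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    return lookup(external_name), lookup(socket.gethostname())


# Constructed sample data (documentation address ranges, not from the page).
SAMPLES = {
    "direct":     (["203.0.113.10"], ["203.0.113.10", "10.1.0.5"]),
    "behind_nat": (["203.0.113.10"], ["192.168.50.4", "10.1.0.5"]),
}

if __name__ == "__main__":
    for name, (published, bound) in SAMPLES.items():
        print(name, assess_gateway_addressing(published, bound))
```

A `translated` verdict means some other device owns the published address, which is the arrangement this section warns against; a misdirected DNS record produces the same verdict.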